﻿<?php 
include("../safe.php"); 
include("../action_save.php");
function check($str){
	return str_replace("'","''",$str);
}
$action=$_GET["action"];
$id=intval($_GET["id"]);
if($_POST['id']<>''){$ID_Dele=implode(",",$_POST['id']);}
$Status=check($_POST["Status"]);
$orderno=check($_POST["orderno"]);
$Last_rank=check($_POST["Last_rank"]);
// if($action=='add'){
// $sql = "INSERT INTO ph_order(orderno,amount,guonei,guoji,guojiyunfei,ordertime,status,ispay,address,remark,user_id,user_name,qq,c_time)VALUES('".$orderno."','".$amount."','".$guonei."','".$guoji."','".$guojiyunfei."','".$ordertime."','".$status."','".$ispay."','".$address."','".$remark."','".$user_id."','".$user_name."','".$qq."','".date("Y-m-d H:i:s",time())."')";
// mysql_query($sql,$conn);
// insertaction($_SESSION["managername"],"新增".$orderno,$conn);
// echo "<script language=JavaScript>\r\n";
// echo "location.href='list.php'\r\n";
// echo "</script>";
// }

if($action=='edit'){
$sql = "update ph_order set Status='".$Status."',Last_rank='".$Last_rank."' where ID='".$id."'";
mysql_query($sql,$conn);
insertaction($_SESSION["managername"],"编辑订单".$orderno,$conn);
echo "<script language=JavaScript>\r\n";
echo "alert('修改成功!');\r\n";
echo "location.href='list.php'\r\n";
echo "</script>";
}
if($action=='del'){
if($ID_Dele<>''){
$sql = "delete from ph_order where id in(".$ID_Dele.")";
mysql_query($sql,$conn);}
if($id<>''){
$sql = "delete from ph_order where id ='".$id."'";
mysql_query($sql,$conn);}
insertaction($_SESSION["managername"],"删除订单:".$orderno,$conn);
echo "<script language=JavaScript>\r\n";
echo "alert('删除成功!');\r\n";
echo "location.href='list.php'\r\n";
echo "</script>";
}
?>